Cybersecurity

Our cybersecurity team is able to perform external penetration-testing (or “pen-testing”), internal pen-testing, wireless pen-testing, vulnerability assessment, web security testing, and social engineering (which includes phishing). We make sure your security policies are sound, and test your perimeter for potential attack vectors.

Are you secured against ransomware and other malicious software?

Is your Wi-Fi network truly secure?

Does your network contain confidential or personal information?

Is your team trained to detect online scammers?

What damage can a disgruntled employee do to your organisation?
 

We have solutions to counter these risks — and more. The cybersecurity landscape is complex and evolves constantly. A reliable pair of hands can help to ensure your information technology and electronic infrastructure is free of unwanted vulnerabilities, and that your team is aware of the potential risks.

Members of Vipac’s cybersecurity team are Certified Ethical Hackers (CEHs) with the esteemed EC-Council. We’re accredited and trained to provide external, internal and wireless penetration tests, vulnerability assessments, web security testing, and social engineering.

 

External penetration-testing and vulnerability assessment

An external pen-test is an assessment of your network via an authorised attempt to remotely infiltrate your internet-facing assets — including web and mail servers, as well as websites.

This type of assessment provides an understanding of vulnerabilities at the network perimeter. It’s these vulnerabilities that a malicious hacker might find and exploit. The assessment also produces a list of risks sorted by criticality, with recommendations for mitigation or avoiding the risk altogether.

We offer black-, white- and grey-box penetration testing. In black-box testing, our tester has no prior knowledge of the internal architecture or implementation of the system being tested. This best simulates an anonymous external attacker. In white-box testing, however, the client fully discloses the target architecture. This is best used in very specific testing scenarios. Grey-box testing falls somewhere in between: our tester is given only partial knowledge of the target architecture or implementation.

Internal penetration-testing and vulnerability assessment

An internal pen-test simulates what an insider attack could achieve. A malicious insider could be either a compromised employee or a compromised workstation. Because of the knowledge insiders have of the network, attacks from within can potentially be more damaging.

This method may also be used to continue an assessment, identifying how far a remote attacker can move through the network after an external breach has taken place. For that reason, internal pen-testing is often seen as an extension of external pen-testing.

This type of assessment offers an understanding of the vulnerabilities originating from within your network. As with external vulnerability assessment, we’ll provide you with a list of risks sorted by criticality, with recommendations for mitigation or avoiding the risk altogether. We also offer black-, white- and grey-box testing.

Wireless penetration-testing

While wireless infrastructure brings immense flexibility, it also expands your network’s logical perimeter, introducing greater risk of attack. Compared to standard wired networks, wireless networks can be exploited much more easily. Wireless networks are often considered ideal entry points by malicious actors who want to infiltrate your systems.

We perform pen-testing on your wireless infrastructure to pinpoint vulnerabilities, determine encryption weaknesses, detect default configurations, identify rogue or open access points, and pick out misconfigured or accidentally duplicated wireless networks, among others. These weaknesses and loopholes are categorised, and remediation advice is provided, with the goal of strengthening your wireless security.

Web security testing

With the world’s digital footprint growing and people becoming connected like never before, privacy breaches — mainly targeting online stores, web portals, and employee or user logins — are happening at unprecedented rates. To address these breaches, pin down weaknesses and loopholes within your web deployment, and minimise (if not prevent) inconsistent system performance and breakdown, security testing has now become an industry best practice in website development.

To ensure your website meets all web application requirements, we perform network and vulnerability scanning, security auditing, log review, integrity checks, denial-of-service (DoS) testing, input validation, online password/administration security, and more.

Social engineering

Does your team have “phishing awareness”? Can your team tell when there’s a cybercriminal lurking around, and do they know what to do in response?

Computer networks and applications exist for people to use them. For this reason, the human element is considered by many to be at the heart of a network’s security. This is where social engineering comes in. It’s the psychological manipulation of people into performing actions against their best interests, thereby compromising network security.

Social engineering often involves interaction with your staff, with the perpetrator acting as someone with authority or disguised as someone seemingly innocent to obtain otherwise inaccessible information or network access. It may be a phone call to a staff member posing as an IT technician, or to the IT helpdesk posing as a staff member; an email to staff masquerading as valid correspondence but carrying an exploit payload; or a visit to the site posing as a janitor or courier to surreptitiously collect information for covert access.

We provide effective phishing-awareness programs to organisations across Australia and beyond, tailored to clients’ specific needs. This includes establishing security protocols, staff training, setting up frameworks of trust on an employee level, and performing unannounced tests on the security framework.

 

For more on our services and how we can assist with your network security, contact our team today.